Home > Security Center

Font Adjust: A | A | A
Fraud Alert

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

TLP:CLEAR

SUMMARY

From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence. CISA and the Federal Bureau of Investigation (FBI) assess that the FCEB network was compromised by Iranian government-sponsored APT actors.

Please click here to read more detail

TLP:CLEAR

This website and the articles contained within are provided as a free service to you and for general informational purposes only. Information on this website is not intended to provide legal, accounting, tax or other advice. Please consult your attorney, accountant, or financial or other advisor with regard to your individual situation. We also make no warranty or representation regarding, and do not endorse, any linked websites or the information appearing there.
© 2024 Small Business Resources.